Regulatory Concerns in Electronic Communications
Lost in the advancements in electronic communications are their legal ramifications. As the United States legal system struggles to keep pace with innovation, courts, companies and individuals must rely upon laws written as far back as the 1930s to regulate the realities of the 21st century. Regulators are in a constant race to keep pace with advances in technology. While new regulations slowly come into being, the United States legal system currently has no choice but to try to mold existing laws into viable solutions for the inevitable problems of ever-evolving electronic communications.
Three agencies share jurisdiction in monitoring the e-communications market: the Department of Justice (DoJ), the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). Overlap between the FCC and the FTC exists in cases of mergers concerning radio license transfer or common carriers and in cases where there is a violation of both sector specific and antitrust laws.
Several outside recommendations have been put forth to help the FCC more easily regulate electronic communications. This is largely due to failures of the FCC to address key areas of regulation and its decision to remove itself from proactive technical analysis.
Philip Weiser, senior adviser for technology and innovation to the National Economic Council at the White House, recommends a three-part solution. First, the FCC should identify and govern broad areas where cooperation between entities is essential. Second, it should oversee a private sector body that helps the Internet self-regulate. Third, in the event of a breakdown of cooperation between parties, the FCC should act as an adjudicator, rather than a rule maker. Kevin Werbach of The Wharton School feels the FCC should leverage existing, privately created standards. He likens his recommendation to those followed in areas such as accounting and workplace safety, where industry has created standards that regulators enforce. A third course proposed by Christopher Yoo, founding director of the Center for Technology, Innovation, and Competition would have the FCC regulate using a case-by-case approach. This approach would circumvent the adoption of categorical rules that cannot cope with minute distinctions between cases. The common thread in all three arguments is that the FCC should be an adjudicator, rather than a rule maker.
The blurring of the lines between information and communication technologies creates its own set of challenges. Antonios Broumas points out that the Telecommunications, Broadcasting and Information Technology industries are rapidly converging. His concern is that policy makers will not strike a balance between fair competition and encouraging innovation. Broumas’ recommendation is to regulate electronic communications through a convergence of economic rules applied to the market and competition law for ad hoc regulation of individual matters. His desire for ad hoc regulation is similar to the approaches of Weiser, Werbach and Yoo.
In an effort to aid Cyber Security researchers, the Department of Homeland Security (DHS) Science & Technology Directorate’s Cyber Security R&D division put forth the PREDICT1 project. The project is designed to facilitate cyber defense research by providing data to the researchers. PREDICT1 includes an analysis of legal and policy issues associated with each of its data sets. This provides researchers with certainty that the datasets they are using for research are free of legal issues.
No matter what regulations are put forth, enforcing them is very challenging. Simply determining who is processing data is often difficult. If the processing is taking place in a state or country other than where the user resides, who has jurisdiction? Is it the user’s state, or the state or country where the data is stored and/or processed? What happens if the state that is determined to have jurisdiction has few or no information security laws? More than 45 states currently do have Breach Notification Laws that protect users who store personal information online. In short, these laws require that data owners storing a user’s personal information inform the user if unauthorized access of that data has occurred. Despite the existence of these Breach laws, as of 2011 only nine states had laws requiring companies to implement reasonable information security measures. Instead, it is up to the companies themselves to determine what, if any security measures they wish to put in place. Recent case law does show that jurisdiction is most often designated to whoever first dealt with the matter, but this still does not answer the greater question of inconsistent laws from state to state.
Underlying all of these issues is the communications technology itself. TCP/IP cannot guarantee the QoS that streaming applications such as videos, games and telemedicine need. This has led to providers experimenting with prioritizing traffic, which intern sparks many Net Neutrality debates. Net Neutrality brings its own set of challenges to the table that the above recommendations can only hope to assist.
As someone who spent four and a half years in the legal realm, I am fascinated with the challenges of regulation keeping pace with technology. Advancements in technology are rapid. Regulation is not. The Stored Communications Act is 25 years old. The Communications Act of 1934 is 77. Both these laws were written with their respective eras in mind, yet must be applied to the challenges of today until they are amended or replaced. The consensus of the authors above is that the FCC takes the role of an adjudicating organization, rather than a rule making one. Their points are valid. Given technology’s rapid change and the slow speed of lawmakers, it is foreseeable that a new regulation could be obsolete before its ink is dry. For the regulators to be effective, they must create ways to keep pace with the industry they oversee.
LogRhythm wins "Innovator of the Year" from SC Magazine. "This is not your father's log manager."